Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
25/06/2024, 23:49
General
-
Target
0ffbbca25f7a8a0a789f4dc2db4592df_JaffaCakes118.exe
-
Size
20KB
-
MD5
0ffbbca25f7a8a0a789f4dc2db4592df
-
SHA1
5bf1067f24817ab9d68c931b1f8e773dea491762
-
SHA256
bda28a4c18f1e95b97489f1c481952e6074ec117700b4b37fd100449f96623ac
-
SHA512
2d68cae0f6b58131a6ae3255e35ddfb0a08671cd14be9cf179669c4605ebf71192cab76e4b46aecfa6d219c98086a19299acfb22a9e0f99136f5ee75fc021015
-
SSDEEP
384:V/gIxz6vg6FU3yvWULgAIVW+nMyH4CGi2SI4BsuDGmF1yWLrmkQ8Y:qIx6vf++gpphxpJ7RDBF1yW/68Y
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0ffbbca25f7a8a0a789f4dc2db4592df_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\0ffbbca25f7a8a0a789f4dc2db4592df_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\kcodn32.exeC:\Windows\system32\kcodn32.exe2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
20KB
MD50ffbbca25f7a8a0a789f4dc2db4592df
SHA15bf1067f24817ab9d68c931b1f8e773dea491762
SHA256bda28a4c18f1e95b97489f1c481952e6074ec117700b4b37fd100449f96623ac
SHA5122d68cae0f6b58131a6ae3255e35ddfb0a08671cd14be9cf179669c4605ebf71192cab76e4b46aecfa6d219c98086a19299acfb22a9e0f99136f5ee75fc021015